Przeglądaj źródła

AMBARI-5753. Storm fails to start after disabling security. (jaimin)

Jaimin Jetly 11 lat temu
rodzic
commit
999fba765b

+ 28 - 20
ambari-web/app/controllers/main/admin/security/disable.js

@@ -23,26 +23,20 @@ App.MainAdminSecurityDisableController = App.MainAdminSecurityProgressController
   name: 'mainAdminSecurityDisableController',
   secureServices: [],
   /**
-   * values of site configs when security disabled
+   * values of site configs when security disabled.
+   * Properties not defined in data/secure_mapping or data/HDP2/secure_mapping and needs to be changed on disabling
+   * security should be defined in secureConfigValuesMap Object
    */
   secureConfigValuesMap: {
-    'hadoop.security.authentication': 'simple',
-    'hadoop.security.authorization': 'false',
-    'dfs.datanode.address': '0.0.0.0:50010',
-    'dfs.datanode.http.address': '0.0.0.0:50075',
-    'mapred.task.tracker.task-controller': 'org.apache.hadoop.mapred.DefaultTaskController',
-    'yarn.nodemanager.container-executor.class': 'org.apache.hadoop.yarn.server.nodemanager.DefaultContainerExecutor',
-    'hbase.security.authentication': 'simple',
-    'hbase.rpc.engine': 'org.apache.hadoop.hbase.ipc.WritableRpcEngine',
-    'hbase.security.authorization': 'false',
-    'zookeeper.znode.parent': '/hbase-unsecure',
-    'hive.security.authorization.enabled': 'false',
-    'hive.metastore.sasl.enabled': 'false',
-    'hive.server2.authentication': 'NONE',
-    'oozie.authentication.type': 'simple',
-    'oozie.service.HadoopAccessorService.kerberos.enabled': 'false',
-    '*.falcon.authentication.type': 'simple',
-    '*.falcon.http.authentication.type': 'simple'
+    'nimbus.childopts': function(value) {
+     return value.replace (/-Djava.security.auth.login.config\s*=\s*\S*/g, "");
+    },
+    'ui.childopts': function(value) {
+       return value.replace (/-Djava.security.auth.login.config\s*=\s*\S*/g, "");
+    },
+    'supervisor.childopts': function(value) {
+      return value.replace (/-Djava.security.auth.login.config\s*=\s*\S*/g, "");
+    }
   },
 
   isSubmitDisabled: function () {
@@ -187,11 +181,25 @@ App.MainAdminSecurityDisableController = App.MainAdminSecurityProgressController
   modifySiteConfigs: function (secureMapping, _serviceConfigTags) {
     var secureConfigValuesMap = this.get('secureConfigValuesMap');
     if (!secureMapping || !_serviceConfigTags) return false;
+
+    // iterate over secureConfigValuesMap to update service-site configProperties not present in secureMapping metadata
+    for (var key in secureConfigValuesMap) {
+      if (key in _serviceConfigTags.configs) {
+        var value = secureConfigValuesMap[key];
+        if (typeof value == 'function') {
+          _serviceConfigTags.configs[key] = value(_serviceConfigTags.configs[key]);
+        }  else if (value) {
+          _serviceConfigTags.configs[key] = value;
+        }
+      }
+    }
+
     secureMapping.filterProperty('filename', _serviceConfigTags.siteName + '.xml').forEach(function (_config) {
       var configName = _config.name;
+      var nonSecureConfigValue = _config.nonSecureValue;
       if (configName in _serviceConfigTags.configs) {
-        if (secureConfigValuesMap[configName]) {
-          _serviceConfigTags.configs[configName] = secureConfigValuesMap[configName]
+        if (nonSecureConfigValue) {
+          _serviceConfigTags.configs[configName] = nonSecureConfigValue;
         } else {
           delete _serviceConfigTags.configs[configName]
         }

+ 15 - 0
ambari-web/app/data/HDP2/secure_mapping.js

@@ -22,6 +22,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "core-site.xml",
     "serviceName": "HDFS"
   },
@@ -30,6 +31,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "core-site.xml",
     "serviceName": "HDFS"
   },
@@ -150,6 +152,7 @@ module.exports = [
     "templateName": ["dfs_datanode_address"],
     "foreignKey": null,
     "value": "0.0.0.0:<templateName[0]>",
+    "nonSecureValue": "0.0.0.0:50010",
     "filename": "hdfs-site.xml",
     "serviceName": "HDFS"
   },
@@ -158,6 +161,7 @@ module.exports = [
     "templateName": ["dfs_datanode_http_address"],
     "foreignKey": null,
     "value": "0.0.0.0:<templateName[0]>",
+    "nonSecureValue": "0.0.0.0:50075",
     "filename": "hdfs-site.xml",
     "serviceName": "HDFS"
   },
@@ -262,6 +266,7 @@ module.exports = [
     "templateName": ["yarn_nodemanager_container-executor_class"],
     "foreignKey": null,
     "value": "<templateName[0]>",
+    "nonSecureValue": "org.apache.hadoop.yarn.server.nodemanager.DefaultContainerExecutor",
     "filename": "yarn-site.xml",
     "serviceName": "YARN"
   },
@@ -302,6 +307,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "hive-site.xml",
     "serviceName": "HIVE"
   },
@@ -310,6 +316,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "hive-site.xml",
     "serviceName": "HIVE"
   },
@@ -318,6 +325,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "KERBEROS",
+    "nonSecureValue": "NONE",
     "filename": "hive-site.xml",
     "serviceName": "HIVE"
   },
@@ -366,6 +374,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "oozie-site.xml",
     "serviceName": "OOZIE"
   },
@@ -398,6 +407,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "oozie-site.xml",
     "serviceName": "OOZIE"
   },
@@ -480,6 +490,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "hbase-site.xml",
     "serviceName": "HBASE"
   },
@@ -488,6 +499,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "hbase-site.xml",
     "serviceName": "HBASE"
   },
@@ -511,6 +523,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "/hbase-secure",
+    "nonSecureValue": "/hbase-unsecure",
     "filename": "hbase-site.xml",
     "serviceName": "HBASE"
   },
@@ -521,6 +534,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "falcon-startup.properties.xml",
     "serviceName": "FALCON"
   },
@@ -529,6 +543,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "falcon-startup.properties.xml",
     "serviceName": "FALCON"
   },

+ 14 - 0
ambari-web/app/data/secure_mapping.js

@@ -22,6 +22,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "core-site.xml",
     "serviceName": "HDFS"
   },
@@ -30,6 +31,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "core-site.xml",
     "serviceName": "HDFS"
   },
@@ -127,6 +129,7 @@ module.exports = [
     "templateName": ["dfs_datanode_address"],
     "foreignKey": null,
     "value": "0.0.0.0:<templateName[0]>",
+    "nonSecureValue": "0.0.0.0:50010",
     "filename": "hdfs-site.xml",
     "serviceName": "HDFS"
   },
@@ -135,6 +138,7 @@ module.exports = [
     "templateName": ["dfs_datanode_http_address"],
     "foreignKey": null,
     "value": "0.0.0.0:<templateName[0]>",
+    "nonSecureValue": "0.0.0.0:50075",
     "filename": "hdfs-site.xml",
     "serviceName": "HDFS"
   },
@@ -191,6 +195,7 @@ module.exports = [
     "templateName": ["tasktracker_task_controller"],
     "foreignKey": null,
     "value": "<templateName[0]>",
+    "nonSecureValue": "org.apache.hadoop.mapred.DefaultTaskController",
     "filename": "mapred-site.xml",
     "serviceName": "MAPREDUCE"
   },
@@ -231,6 +236,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "hive-site.xml",
     "serviceName": "HIVE"
   },
@@ -239,6 +245,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "hive-site.xml",
     "serviceName": "HIVE"
   },
@@ -247,6 +254,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "KERBEROS",
+    "nonSecureValue": "NONE",
     "filename": "hive-site.xml",
     "serviceName": "HIVE"
   },
@@ -295,6 +303,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "oozie-site.xml",
     "serviceName": "OOZIE"
   },
@@ -327,6 +336,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "oozie-site.xml",
     "serviceName": "OOZIE"
   },
@@ -409,6 +419,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "kerberos",
+    "nonSecureValue": "simple",
     "filename": "hbase-site.xml",
     "serviceName": "HBASE"
   },
@@ -417,6 +428,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "org.apache.hadoop.hbase.ipc.SecureRpcEngine",
+    "nonSecureValue": "org.apache.hadoop.hbase.ipc.WritableRpcEngine",
     "filename": "hbase-site.xml",
     "serviceName": "HBASE"
   },
@@ -425,6 +437,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "true",
+    "nonSecureValue": "false",
     "filename": "hbase-site.xml",
     "serviceName": "HBASE"
   },
@@ -448,6 +461,7 @@ module.exports = [
     "templateName": [],
     "foreignKey": null,
     "value": "/hbase-secure",
+    "nonSecureValue": "/hbase-unsecure",
     "filename": "hbase-site.xml",
     "serviceName": "HBASE"
   },